Lucene search
K

29 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Frappe Learning Management System 注入漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.53.0 had a injection vulnerability. This vulnerability allowed authenticated users to provide malicious content in certain...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 11:54 p.m.26 views

CVE-2026-46546

CVE-2026-46546 affects Frappe Learning Management System (LMS) prior to version 2.53.0. An authenticated user could provide specially crafted content in editable fields, which surfaces in page metadata and causes visitors’ browsers to navigate to an attacker‑chosen URL. The issue has been patched...

5.4CVSS5.4AI score0.00136EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS5.4AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/21 7:57 p.m.11 views

CVE-2026-39405

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

9.4CVSS5.7AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 8:16 p.m.17 views

CVE-2026-39405

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

9.4CVSS0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 7:34 p.m.12 views

EUVD-2026-31177

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

9.4CVSS5.7AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 p.m.3 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 8:7 p.m.4 views

EUVD-2026-20603

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.46.0 contained security vulnerabilities. These vulnerabilities stemmed from reliance on client-side calculations for quiz...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 5:50 p.m.4 views

EUVD-2026-18462

Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 5:50 p.m.12 views

CVE-2026-34606

CVE-2026-34606 concerns Frappe LMS. The vulnerability is a stored XSS affecting Frappe LMS releases from version 2.27.0 up to 2.47.x (i.e., before 2.48.0). The issue has been patched in 2.48.0 . The provided sources do not supply exploit details, affected modules, or specific attack vectors beyon...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/02 5:50 p.m.18 views

CVE-2026-34606 Stored XSS in Frappe LMS

Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...

6.9CVSS0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/21 1:30 a.m.6 views

CVE-2026-26977

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

6.9CVSS5.5AI score0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 9:32 p.m.2 views

CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

5.3CVSS5.5AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-7726

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email...

5.3CVSS5.4AI score0.00177EPSS
Exploits0References7
NVD
NVD
added 2026/01/14 7:16 p.m.7 views

CVE-2026-23497

Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...

5.4CVSS0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/14 6:25 p.m.4 views

CVE-2026-23497 Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages

Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...

5.3CVSS5.8AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.6 views

PT-2026-2948

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description Frappe Learning Management System LMS contains a stored cross-site scripting XSS issue. A crafted image filename can trigger malicious JavaScript execution when displayed o...

5.3CVSS5.7AI score0.00142EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/13 8:2 p.m.5 views

CVE-2025-67734

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...

5.4CVSS5.9AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 8:15 a.m.7 views

CVE-2025-67730

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.4CVSS0.00147EPSS
Exploits0References2
Rows per page
Query Builder